JoomlaFCK critical vulnerability

For all Non-Joomla! security issues. ie 3pd Components etc.

smart
Joomla! Enthusiast
Posts: 109
Joined: Thu Aug 18, 2005 1:33 pm
Location: Sebastopol

Post by smart » Fri Aug 11, 2006 9:31 am

JoomlaFCK has a critical vulnerability which allows non-authorized users to upload .htaccess files to the server.

Solution: in file /mambots/editors/fckeditor/editor/filemanager/upload/php/config.php

change line:

$Config['DeniedExtensions']['files']    = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi');

to

$Config['DeniedExtensions']['files']    = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi', 'htaccess');
Last edited by smart on Fri Aug 11, 2006 9:36 am, edited 1 time in total.
Joomlaportal.ru News, articles and tutorials
Joomlaforum.ru Russian Joomla Support Forum
Member of the Russian Joomla Translation Team
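
The effect of the change in the post above, as an added PHP example that is not part of the original post and is not JoomlaFCK's or FCKeditor's own code. The function names, the rule that the extension is the lowercased text after the last dot, the allowlist alternative and the sample file names are all assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not the component's upload code.

// Denied list exactly as quoted in the post, before the fix.
$deniedBefore = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx',
    'ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi');
// Denied list after the fix from the post.
$deniedAfter = array_merge($deniedBefore, array('htaccess'));

// Assumed extension rule: text after the last dot, lowercased.
function upload_extension($fileName)
{
    $name = basename(str_replace('\\', '/', $fileName));
    $dot  = strrpos($name, '.');
    return $dot === false ? '' : strtolower(substr($name, $dot + 1));
}

// Denylist check: a file is accepted unless its extension is listed.
function denylist_allows($fileName, array $denied)
{
    return !in_array(upload_extension($fileName), $denied, true);
}

// Stricter alternative (an assumption, not from the post):
// accept only listed extensions and refuse dotfiles outright.
function allowlist_allows($fileName, array $allowed)
{
    $name = basename(str_replace('\\', '/', $fileName));
    if ($name === '' || $name[0] === '.') {
        return false;
    }
    return in_array(upload_extension($name), $allowed, true);
}

// Constructed sample names and a constructed allowlist.
$samples = array('report.pdf', '.htaccess', '.HTACCESS', 'photo.jpg', 'page.php');
$allowed = array('pdf', 'jpg', 'png', 'txt');

foreach ($samples as $name) {
    printf("%-10s before=%-5s after=%-5s allowlist=%s\n", $name,
        var_export(denylist_allows($name, $deniedBefore), true),
        var_export(denylist_allows($name, $deniedAfter), true),
        var_export(allowlist_allows($name, $allowed), true));
}
```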
